Breaking Into the Security Job Market

By Vivian Wagner
Jan 25, 2010 5:00 AM PT

Regardless of the state of the economy, information security remains a top concern for consumers worked up about their information, for businesses seeking to protect that information, and for job-seekers looking for the next big thing. Even during the recession, the demand for information security-related jobs has remained strong.

"Security continues to be a dominant issue for corporations, and it's been a resilient skill-set throughout the downturn," Tom Silver, North American SVP for the tech recruiting company Dice, told the E-Commerce Times. "We never really saw security drop-off during the downturn. Today, there are more than 1,000 jobs posted on Dice.com that are security-specific."

In numerous studies done by Foote Partners, an independent IT research and advisory firm, information security jobs have been at the top of the list in terms of demand. The firm started noticing the growth in this field in 2007 and has been tracking it ever since, David Foote, CEO & chief research partner at Foote, told the E-Commerce Times.

"This is an amazing opportunity for people who work in security," explained Foote. "It's unbelievable how well security has done during this recession."

Information security is one of those rare fields in today's job market that has more job openings than people to fill them.

"There are more jobs than qualified people for information security jobs in both the commercial sector and the government sector," Jeff Snyder, president of SecurityRecruiter.com, told the E-Commerce Times.

Why Security?

The demand for information security professionals is the result of many forces coming together: increasing demand from businesses and consumers, increasing threats, and increasing governmental and industry regulation.

"There's a confluence of drivers," said Foote. "It's like a perfect storm."

The economic downturn, in fact, might also be contributing to the demand for security professionals.

"There is never a down year for corporations keeping their data safe," noted Silver. "If anything, downturns in the economy typically increase hacking attempts as you add financial stress and employment frustration to the mix. Companies are always uncovering new vulnerabilities and trying to stay ahead of any weak points they may have."

Types of Security Jobs

Information or IT security jobs come with a variety of titles, none of them consistent from company to company: security administrators, network security analysts, information security analysts, security architects, information security engineer, Web application security analysts, security auditors, and compliance auditors, to name a few.

"One of the challenges in the security space is that titles from one company to another don't necessarily mean the same thing," noted Snyder.

Companies, recruiters and job sites are working to keep up with the field and to develop a consistent set of job titles and corresponding pay rates, but the field of information security is in flux. One company's security architect might be another company's security analyst, and that's not likely to change any time soon.

"Titles are all over the place with IT jobs," said Foote. "In IT, if you have a title, and you ask what people with that title are doing, you might get 20 different answers. The best thing we can do is look at what people are doing in terms of skills."

The Certification Game

One way to measure these skills and qualifications, and for job-seekers to increase their marketability, is through the process of certification. Organizations like (ISC)2, Sans.org, and EC-Council provide training and certification in a variety of security-related specialties. There are also vendor- and product-specific security certifications offered by companies like Cisco, and new security-related certifications are being developed regularly as new technologies, vulnerabilities and threats develop.

Such certifications, while not always required to get a job in information security, are what set one candidate apart from another.

"These help candidates stand out," explained Snyder. "What I see is that companies are expecting multiple skill sets in the people they hire. People are going to have to have expertise in multiple domains and get certified in multiple areas.

The Future of Security

It's difficult to predict where the field of information security is headed, but there's a strong possibility that there will be an increasing convergence of the techie side of IT security and the more business-minded side. Companies, in other words, need information security professionals who also understand how to do business, serve customers, and design business models that work.

"Because IT is taking a bigger role in business, companies need people that understand both the business and the technical side," said Foote. "It's made security a potential option for people who aren't heavy tech people. It's opening it up to a whole new area of skills."

The varied listings on job sites devoted to tech and security jobs suggest this kind of breadth, demonstrating that security might be headed out the IT department and into the rest of the company. And not only is security an issue across divisions in a company; it's also an issue across industries.